CONTENTS

1. Introduction

2. What Is Virtual Private Network

3. VPN Implementation

3.1 Remote User Access Over The INTERNET

3.2 Connecting Networks Over The INTERNET

3.3 Connecting Computers Over The INTRANET

4. Basic VPN Requirements

5. Tunneling

5.1 Tunneling Technologies

5.2 Tunneling Protocols

5.3 How Tunneling Works

6. How VPNs differ from Ordinary Networks

7. Example Use Of VPN

8. Benefits of VPN

9. Conclusion

1. INTRODUCTION

Organizations whose facilities are split between two or more locations can connect the locations into a single logical network through the use of routers and wide area networking (WAN) technologies.

When a circuit-switched network, such as the telephone network, is used, permanent or switched circuit services are employed to emulate the physical attachment of the two sites for router-to-router packet exchange; since the circuit is dedicated to the two sites, it is obviously private.

When a packet network, such as the Internet, is used as the WAN for connecting the sites, the private nature of router-to-router communications is threatened, since the network provides no guarantee regarding packet delivery.

Routers intending to talk to one another over logical Internet circuits will find that packets can be injected into or ejected out of the circuits indiscriminately.

To keep such circuits private, the packets flowing on the circuit must be encrypted, so that the packets are of no use to unintended recipients. These private links between routers are called tunnels.

VPNs are so important to organizations supporting telecommuters, branch offices, and off-site partners, that VPNs are becoming a critical part of corporate Information Technology strategy.

2. What Is a Virtual Private Network

A VPN is a private network constructed on top of a public network infrastructure, such as the global Internet.

A Virtual Private Network connects the components of one network to another. Using tunneling over a public network, a Virtual Private Network, as the name suggests, safely and securely transfers information from one network or system to another.

VPNs allow users working at home to connect securely to a remote corporate server using the routing infrastructure provided by a public internetwork. From the user's perspective, the VPN is a point-to-point connection between the user's computer and a corporate server. The nature of the intermediate internetwork is irrelevant to the user, because it appears as if the data is being sent over a dedicated private link.

VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork while maintaining secure communications. The VPN connection across the Internet logically operates as a Wide Area Network (WAN) link between the sites. In both cases, the secure connection across the internetwork appears to the user as a private network communication, despite the fact that this communication occurs over a public internetwork; hence the name Virtual Private Network.

3. VPN Implementation:

3.1 Remote User Access Over The Internet

VPNs provide remote access to corporate resources over the public Internet while maintaining the privacy of the information.

Rather than making a long-distance call to a corporate or outsourced Network Access Server (NAS), the user calls a local ISP. The VPN software then creates a Virtual Private Network between the dial-up user and the corporate VPN server across the Internet.

3.2 Connecting Networks Over The Internet

There are two methods for using VPNs to connect local area networks at remote sites.

3.2.1 Using dedicated lines to connect a branch office to a corporate LAN:

Rather than using an expensive long-haul dedicated circuit between the branch office and the corporate hub, both the branch office router and the corporate hub router can use a local dedicated circuit and a local ISP to connect to the Internet. The VPN software uses the local ISP connections and the public Internet to create a Virtual Private Network between the branch office router and the corporate hub router.

3.2.2 Using a Dial-Up Line to connect a branch office to a corporate LAN:

Rather than having a router at the branch office make a long-distance call to a corporate or outsourced NAS, the router at the branch office can call the local ISP. The VPN software uses this connection to create a Virtual Private Network between the branch office router and the corporate hub router across the Internet.

Note that in both cases, the facilities that connect the branch office and the corporate office to the Internet are local. The corporate hub router that acts as the VPN server must be connected to a local ISP with a dedicated line, and it must listen 24 hours a day for incoming VPN traffic.

3.3 Connecting Computers Over An Intranet

In some corporate internetworks, a department's data is so sensitive that the department's LAN is physically disconnected from the rest of the corporate internetwork. While this protects the department's confidential information, it creates accessibility problems for those users who are not physically connected to the separate LAN.

VPNs allow the department's LAN to be physically connected to the corporate internetwork but separated by a VPN server. Note that the VPN server is not acting as a router between the corporate internetwork and the department LAN. A router would interconnect the two networks, allowing everyone access to the sensitive LAN. By using a VPN, the network administrator can ensure that only those users on the corporate internetwork who have appropriate credentials (based on a need-to-know policy within the company) can establish a VPN with the VPN server and gain access to the protected resources of the department.

Additionally, all communications across the VPN can be encrypted for data confidentiality. Users who do not have the proper credentials cannot view the department LAN.

4. Basic Requirements Of VPNs

Typically, when deploying a remote networking solution, an enterprise needs to facilitate controlled access to corporate resources and information. The solution must allow roaming or remote clients to connect to corporate resources, and must allow remote sites to connect to each other to share resources and information (LAN-to-LAN connections).

Therefore at a minimum a VPN solution should provide all of the following:

1. User Authentication

The solution must verify the user's identity and restrict VPN access to authorized users only. In addition, the solution must provide audit and accounting records to show who accessed what information when.

2. Address Management

The solution must assign a client's address on the private network, and must ensure that private addresses are kept private.

3. Data encryption

Data carried on the public network must be rendered unreadable to unauthorized clients on the network.

4. Key Management

The solution must generate and refresh encryption keys for the client and server.

5. Multiprotocol Support

The solution must be able to handle common protocols used in the public network. These include Internet Protocol (IP), Internetwork Packet Exchange (IPX) and so on.

5. Tunneling

A VPN can be created using tunneling. Tunneling is a technology that lets a network transport protocol carry information for other protocols within its own packets.

Tunneling is a method of using an internetwork infrastructure to transfer data from one network over another network. The data to be transferred can be frames or packets of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate internetwork.

The encapsulated packets are then routed between tunnel end points over the internetwork. The logical path through which the encapsulated packets travel through the internetwork is called a tunnel. Once the encapsulated frames reach their destination, the additional header is removed and the original frame is forwarded on. Tunneling includes this entire process (encapsulation, transmission and de-encapsulation of packets).

5.1 Tunneling Technologies

1. SNA tunneling over IP Internet works

When Systems Network Architecture (SNA) traffic is sent across a corporate IP internetwork, the SNA frame is encapsulated in UDP and IP headers.

2. IPX tunneling for Novell Netware over IP Internet works

When an IPX packet is sent to a NetWare server or IPX router, the server or router wraps the IPX packet in UDP and IP headers and then sends it across an IP internetwork. The destination IP-to-IPX router removes the UDP and IP headers and forwards the packet to the IPX destination.

3. Point-to-Point tunneling protocol (PPTP)

PPTP allows IP and IPX traffic to be encrypted and then encapsulated in an IP header to be sent across a corporate IP internetwork or a public IP internetwork such as the Internet.

4. Layer 2 Tunneling Protocol (L2TP)

L2TP allows IP and IPX traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as X.25 or Frame Relay.

5. IP Security (IPsec) tunnel mode

IPsec tunnel mode allows IP payloads to be encrypted and then encapsulated in an IP header to be sent across a corporate IP internetwork or a public internetwork such as the Internet.

5.2 Tunneling Protocols

Tunneling technology can be based on either a Layer 2 or a Layer 3 tunneling protocol. These layers correspond to the Open Systems Interconnection (OSI) reference model.

·Layer 2 protocols correspond to the data link layer and use frames as their unit of exchange. PPTP, L2TP and L2F are Layer 2 tunneling protocols.

·Layer 3 protocols correspond to the network layer and use packets as their unit of exchange. IP over IP and IP Security (IPsec) tunnel mode are examples of Layer 3 tunneling protocols.

5.3 How Tunneling Works:

For Layer 2 tunneling technologies such as PPTP and L2TP, a tunnel is similar to a session. Data is transferred across the tunnel using a datagram-based protocol, and a tunnel maintenance protocol is used to manage the tunnel. For Layer 2 protocols, a tunnel must therefore be created, maintained and then terminated.

Once the tunnel is established, tunnel data can be sent. The tunnel client or server uses a tunnel data transfer protocol to prepare the data for transfer.

For example, when the tunnel client sends a payload to the tunnel server, the tunnel client first appends a tunnel data transfer protocol header to the payload. The client then sends the resulting encapsulated payload across the internetwork, which routes it to the tunnel server. The tunnel server accepts the packets, removes the tunnel data transfer protocol header and forwards the payload to the target network.

6. How VPNs differ from ordinary networks:

VPNs differ from ordinary networks in three ways:

1. Virtual Private Networks allow any valid remote user to become part of a corporate central network, using the same network scheme and addressing as users on this central network.

2. Each corporate central network can also be responsible for validating its own users, despite the fact that they are actually dialing into a public network.

3. The Internet Service Provider can give each of its customers a unique dial-up telephone number, which distinguishes their service from any other. This, however, depends on the software used by the remote user.

7. Example use of VPN:

A remote employee wants to connect to the corporate network and access the company's internal web.

Step 1.

The remote user dials into their local ISP and logs into the ISP's network as usual.

Step 2.

When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination Security server on the corporate network. The Security server authenticates the user and creates the other end of the tunnel.

Step 3.

The user then sends data through the tunnel, which is encrypted by the VPN software before being sent over the ISP connection.

Step 4.

The destination Security server receives the encrypted data and decrypts it. The Security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the remote user is also encrypted before being sent over the Internet.

The figure below illustrates that VPN software can be used from any location through any existing ISP's dial-in service.
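The tunnel data transfer described in section 5.3 and the encrypt, send, decrypt and forward sequence of section 7 above, as an added Python example that is not part of the original report: a hypothetical tunnel header (not the real PPTP, L2TP or IPsec format) is prepended to the encrypted payload, and a keyed integrity tag lets the tunnel server discard packets that were injected or altered on the public network, the threat the introduction describes. The header layout, the HMAC-SHA256-based keystream and the key names are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Hypothetical tunnel data-transfer header (not PPTP, L2TP or IPsec):
# version (1) | inner protocol (1) | reserved (2) | sequence (4) | payload length (4)
HDR = struct.Struct("!BBHII")
PROTO_IP, PROTO_IPX = 1, 2
TAG_LEN = 32  # HMAC-SHA256 tag appended after the encrypted payload


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 used as a PRF. The packet
    # sequence number is the nonce, so it must never repeat under one key
    # (use separate keys for each direction of the tunnel).
    blocks = []
    for ctr in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, struct.pack("!IQ", seq, ctr), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encapsulate(enc_key: bytes, mac_key: bytes, proto: int, seq: int, inner: bytes) -> bytes:
    """Tunnel client side: encrypt the inner packet, prepend the tunnel header and
    append an integrity tag over header and ciphertext (encrypt-then-MAC)."""
    body = bytes(p ^ k for p, k in zip(inner, _keystream(enc_key, seq, len(inner))))
    header = HDR.pack(1, proto, 0, seq, len(body))
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def decapsulate(enc_key: bytes, mac_key: bytes, outer: bytes, last_seq: int):
    """Tunnel server side: verify the tag, strip the header, decrypt, and return
    (proto, seq, inner packet) for forwarding; None means the packet is dropped."""
    if len(outer) < HDR.size + TAG_LEN:
        return None  # too short to carry a header and a tag
    header, body, tag = outer[:HDR.size], outer[HDR.size:-TAG_LEN], outer[-TAG_LEN:]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # injected or altered on the public network
    version, proto, _, seq, length = HDR.unpack(header)
    if version != 1 or proto not in (PROTO_IP, PROTO_IPX) or length != len(body):
        return None  # malformed header
    if seq <= last_seq:
        return None  # replayed packet
    inner = bytes(c ^ k for c, k in zip(body, _keystream(enc_key, seq, length)))
    return proto, seq, inner
```

The server keeps the highest sequence number accepted per tunnel and passes it as last_seq, so a captured packet cannot be played back into the tunnel later.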

8. Benefits of Virtual Private Network:

·Secure data transmission through the Internet using a tunneling protocol.

·Cost effectiveness, since long-distance charges are eliminated.

·VPN links are based on ordinary telephone calls, available anywhere in the world, resulting in increased performance and productivity.

·A VPN using the Internet provides an effective medium for communication.

·Since communication via the Internet using a VPN costs a fraction of an identical dedicated link, more remote units can be interconnected.

9. Conclusion:

Thus VPN is an outgrowth of Internet technology, which will transform the daily method of doing business faster than any other technology. A Virtual Private Network, or VPN, typically uses the Internet as the transport backbone to establish secure links with business partners, extend communications to regional and isolated offices, and significantly decrease the cost of communications for an increasingly mobile workforce. VPNs serve as private network overlays on public IP network infrastructures such as the Internet.
